Rapid7 Vulnerability & Exploit Database

Windows Gather Enumerate Domain Group

Back to Search

Windows Gather Enumerate Domain Group



This module extracts user accounts from the specified domain group and stores the results in the loot. It will also verify if session account is in the group. Data is stored in loot in a format that is compatible with the token_hunter plugin. This module must be run on a session running as a domain user.


  • Carlos Perez <carlos_perez@darkoperator.com>
  • Stephen Haywood <haywoodsb@gmail.com>




Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security